It is quite often necessary to have extra privileges to do certain tasks. These privileges are assigned to your user by belonging to certain groups. The tasks are allowed to be performed by any user belonging to the group associated with that task.

Example: a "sudoer" is a user who can perform certain administrative tasks, such as updating the system. To become a "sudoer" a user must belong to the "sudo" group.

To become an administrator, you must belong to the adm, admin, and sudo groups.
To be a virtualbox user, you must belong to the virtualbox group. To change printer settings you must belong to lpadmin. To use the cdrom, you must belong to cdrom. To use hot-pluggable devices, you must belong to plugdev. To share Samba folders (on a Windows-based network), you must belong to sambashare. To access NTFS files using the virtual filesystem fuse, you must belong to the fuse group. To use many games, you must belong to the games group. The list is long, and not always obvious.

Unfortunately, while this is the feature that gives Linux such a high-level of security, it can also take diligence to remember to add your user to certain groups. It is not uncommon for programs and functions on your system not to work merely because you don't have privileges to do so because you forgot to add your user to the appropriate group(s).

Of most importance, you must already be an administrator in order to change membership in groups. Therefore, if you create a new user and intend to give that user administrative privileges (by assigning the user to the administrative groups), you must do so from your original administrator account (the one you set up at installation) or from another administrative user account.

PolicyKit

PolicyKit-KDE is the KDE frontend for PolicyKit, a toolkit for controlling system-wide user privileges.

Timekpr (Parental controls)

Timekpr is a program to track and control the computer usage of user accounts. (This is different from KTimeTracker, which merely records your usage but does not restrict it.)

Web content filtering

DansGuardian provides web filtering capability, similar to NetNanny. It is useful for limitng objectionable content in publicly accessible workstations, or for filtering objectionable content for younger users. It integrates with ClamAV, and uses several criteria for filtering websites (which is difficult to modify). It is used with Tinyproxy (best for individual users) or the Squid proxy (best for a network server). Install:

KWallet (Password Manager)

KWallet is a password manager for the KDE desktop. Refer to the handbook for detailed usage instructions. If a password is not desired to be used for an application, merely leave the password blank when prompted.

Boot Menu

Login Menu settings

You can change the Login menu settings from the GUI interface:

K menu -> System Settings -> Advanced -> Login Manager

You can choose an integrated theme or select individual components of the login screen/process.

GRUB boot manager settings

Grub2

Natty comes with Grub2, a difficult boot manager to customize. (Grub2 is also known as grub-pc.) See the evolving instructions at the Ubuntu wiki or Ubuntu forums. In brief, some settings can be edited:

and change your password to something other than insecurecleartextpassword, or use the pbkdf2-encrypted method described here. You can then password-lock menu items as well. For detailed info see this blog.

Grub Legacy

The older version of GRUB ("Grub Legacy") is available, for use with a boot partition, for example. Install:

sudo apt-get install grub

If you have multiple operating systems (OS) on your computer, you may be using the GRUB Legacy boot manager (in a boot partition, for example). You can edit the options for GRUB Legacy in the menu.lst configuration file. (See this detailed info.)

sudo nano /boot/grub/menu.lst

(kate can also be used instead of nano as the text editor.)

Removing Grub2 entirely

Personally, I have had nothing but trouble with Grub2 since the beginning. Every version brings a new headache and one OS or another stops loading. I have reverted to Grub Legacy entirely by uninstalling Grub2 (grub-pc) prior to installing Grub Legacy (grub):

Chainloading Grub2 from Grub Legacy

Grub2 is extremely erratic. I no longer advocate chainloading it. Instead, it is possible to bypass Grub2 entirely and load an OS directly using Grub Legacy (stored in a boot partition, for example) using an entry in menu.lst of the format:

Protecting Grub Legacy from cracking

To add password protection, in the /boot/grub/menu.lst configuration file, uncomment (remove the hashmark) from the line:

#password topsecret

and change your password to something other than topsecret, or use the md5-encrypted method described here. You can then password-lock menu items by adding the descriptor lock below the title of any item menu.

Default Applications

You can choose which program to use as your default program for a specific task.

K menu -> System -> System Settings -> Default Applications

Kill a process

Sometimes a program (or "process") just freezes. To "kill" (or end) the program/process:

Manage Bootup/Startup services

There are two ways to select which services should be started at bootup, and I recommend both. The KDE System Settings only shows KDE services, so the Bootup-Manager is also required to show any GTK-based services installed on your system. Preventing unneeded or unwanted services from loading at startup can improve system performance.

In this example, I indicated that the file system was an ntfs-3g filesystem, so did not use the auto option (which detects the filesystem automatically). I used rw to specify read/write privileges for all users, but umask=0 and umask=000 are accepted by some kernels.

Method 2:
Edit fstab:

sudo nano /etc/fstab

When Kubuntu installation finishes, it mounts all ntfs partitions automatically with ntfsprogs, adding a line similar to the following to fstab:

In this example, I have a Chinese-language Windows installation on my first partition, so I set the locale parameter (locale=zh_CN.UTF-8) so that my Chinese documents can display correctly. Setting rw (same as umask=0 or umask=000) lets me read/write the partition without sudo. gid=46 specifies that the drive will belong to the group of hot-pluggable devices (plugdev) and is not necessary unless your ntfs drive is a hot-pluggable one (such as an external USB drive). nls=utf8 is the default and is optional for most ntfs users, but there are other options for Chinese (and other specialized character-set users).

Mounting FAT32 Partitions

Follow the above instructions, but use vfat instead of ntfs-3g.

In other words, if you have made a mount point directory /mnt/WindowsFAT32 and your FAT32 drive is /dev/sda3, then edit the /etc/fstab file to include the line: